Dumpster diving. A huge trove of data spilled onto the web and has been helpfully uploaded to HaveIBeenPwned, a leaked password-checking database for consumers, by security researcher Troy Hunt, the site’s proprietor. The leak, dubbed “Collection #1,” contains nearly 773 million unique email addresses and more than 21 million unique passwords—making it Hunt’s largest-ever upload. It’s unclear where exactly the data originated, although the anonymous person(s) who posted them online claim they came from many different sources. Best use the opportunity to clean up your password hygiene.

Be yourself. Facebook is still combatting disinformation. Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said the media giant booted two Russian operations—including one involving Sputnik, a Moscow-based news agency—off Facebook and Instagram on Thursday. Facebook suspended hundreds of accounts and pages that he said engaged in “coordinated inauthentic behavior.” He noted that the fight against fakers is “an ongoing challenge.”

Chinese finger trap. Federal prosecutors are probing Huawei for allegedly stealing intellectual property from U.S. companies, including components from a T-Mobile phone-testing robot called “Tappy,” reports the Wall Street Journal. The investigation is “at an advanced stage and could lead to an indictment soon,” the Journal’s unnamed sources said. Add this development to the mess of controversies entangling the Chinese company.

Demand a recount. The Financial Times said it discovered evidence of “huge fraud” in the Democratic Republic of Congo’s December presidential election. The paper claims that its own independent tally of votes, based on data leaked by an unnamed source close to Martin Fayulu, the contest’s loser (but actual winner?), exposes the fraud. The report corroborates the view of the Catholic Church, which earlier denounced the election’s “results” after conducting its own audit.

Look; don’t touch. A California judge recently ruled that police officers are not authorized, even in possession of a search warrant, to force suspects to unlock their phones using biometrics, like a fingerprint or facial scan, Forbes reports. Judges had already ruled that passcodes were protected against such coercion, meaning people could refuse to supply them, thereby preventing self-incrimination. The judge, who called the original law enforcement request “overbroad,” wrote, “If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device.”